On 2012-01-02 14:41:10 -0800, Gregory Maxwell said: > make this possible: https://bitcointalk.org/index.php?topic=21995.0
Neat! I had a similar idea but you've clearly beat me to [a big part of] it. > Er, no— if a node controls the private keys for a transaction, and > that transaction makes it into the chain then it can safely assume > that its unspent (at least once its buried a few blocks into the > chain). I'm not so sure about that. If you accept X successor blocks as proof that none of the transactions in a block re-used an output, then the cost of attacking is X*50BTC since the hashpower needed for the attack could have earned that much reward. However, an attacker could use the same faked X-block sequence to attack multiple clients by putting several double-spend transactions in the first faked block. This would spread out the cost over more than one attack. So simply checking that the value of the transaction is less than X*50 isn't necessarily enough, although the logistics of the attack aren't exactly easy. There's also the question of knowing what the difficulty for those X blocks ought to be. If the attacker controls your network connection (e.g. your ISP attacks you) you wouldn't be able to get a second opinion on how high the difficulty ought to be, and might get fooled by X very-low-difficulty blocks that were each produced with a lot less than 50BTC worth of hashpower. - e ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
